stacked-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill programmatically fetches GitHub PR review threads and comment bodies from public repositories (see getOpenComments/getOpenComments in references/automation-patterns.md and the gh api graphql calls in scripts/check-stack-status.ts), treats those user-generated review comments as input to auto-fix logic and decision-making, and therefore exposes the agent to untrusted third-party content that could inject instructions.